Abstract

Since the last decade of the 20th century, the Internet had become flourishing, which drew great interest in the detection of abnormal network traffic. Particular-ly, it’s impossible to manually detect the abnormal patterns from enormous traffic flow in real time. Therefore, multiple machine learning methods are adopted to solve this learning problem. Those methods differ in mathematical models, knowledge models, application scenarios and target flows. In recent years, as a consequence of the technological breakthrough of Web 3.0, the traditional types of traffic classifiers are getting outdated and people start to focus on deep learning methods. Deep learning provides the potential for end-to-end learning systems to automatically learn the abnormal patterns without massive feature engineering, saving plenty of detecting time. In this study, to further save both memory and times of learning systems, we propose a novel multi-task learning system based on convolutional neural network, which can simultaneously solve the tasks of malware detection, VPN-capsulation recognition and Trojan classification. To the best of our knowledge, it’s the first time to apply an end-to-end multi-task learn-ing system in traffic classification. In order to validate this method, we establish experiments on public malware dataset CTU-13 and VPN traffic dataset ISCX. Our system found a synergy among all these tasks and managed to achieve the state-of-the-art output for most of the experiments.